Dne �t 23. duben 2002 09:30 jste napsal(a): > On Mon, Apr 22, 2002 at 03:10:48PM -0500, Ziemowit (Chris) Pierzycki wrote: > > Hi, > > I am using snapshot from the 4/19/02 and here is a problem I noticed. > > After initializing everything I go to submit a request for an > > Administrator certificate. It all goes through perfect but then when I > > go to aprove the request (aka Issue Certificate in the Initialization > > menu) I get the certificate that shows these fields empty: > > > > E-Mail: n/a > > Subject alternative Name: n/a > > > > ... and further more I noticed that the e-mail field shows up in: > > > > Distinguished Name: serialNumber=cert's serial,C=US, O=Teleformix LLC, > > OU=Trustcenter, CN=Ziemowit > > Pierzycki,[EMAIL PROTECTED] > > The OID handling has been changed in recent versions of OpenSSL to better > match the RFCs. Both OpenCA and OpenSSL were changed accordingly. Make sure > to also use a very recent (e.g. 4/19/02 or later) OpenSSL-0.9.7 snapshot. > > Best regards, > Lutz
I'm using openca 4/19/02 and openssl 4/15/02 as michael recommended. emailAddress in the DN field works correctly now (if I want it, I set the dn_without_email = NO in ca.conf and ra.conf) But the problem is, x509 isn't looking for email in DN, but in the E-Mail field and E-Mail option is set to n/a. Then openssl returns error like this: <ERROR> Using configuration from /usr/local/OpenCA/etc/openssl/openssl/CA_Admin.conf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows emailAddress :IA5STRING:'[EMAIL PROTECTED]' commonName :PRINTABLE:'Josef Vesely' organizationalUnitName:PRINTABLE:'Internet' organizationName :PRINTABLE:'Jose-OpenCA server' countryName :PRINTABLE:'CZ' serialNumber :PRINTABLE:'01' ERROR: adding extensions in section default 6428:error:2206D06D:X509 V3 routines:X509V3_parse_list:invalid null value:v3_utl.c:309: 6428:error:2206B069:X509 V3 routines:X509V3_EXT_conf:invalid extension string:v3_conf.c:138:name=subjectAltName,section=email: 6428:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:v3_conf.c:92:name=subjectAltName, value=email: unable to write 'random state' General Error Trapped 700: Error while issuing Certificate to Josef Vesely<BR><BR>(file name: /usr/local/OpenCA/var/tmp/01.req ) at /usr/local/OpenCA/lib/functions/misc-utils.lib line 38. Compilation failed in require at /home/www/cgi-bin/cgi-ca/ca line 193. </ERROR> If I edit the request and add (cut&paste) email from DN to "Subject alternative Name" it automaticly adds email to E-Mail field, ithen issuing is without problems. Is there any way to copy email from DN (or direct from the "Request Confirmation Form") to the E-mail field? thanks -- =================================== Josef "jose" Vesely mail: [EMAIL PROTECTED], ICQ: 27347332 Faculty of Informatics, Masaryk university Brno, Czech Republic =================================== _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
